What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through <= 1.5.5.
Explanation of Vulnerability in Simple Terms
02Summary
CWS SVGicons versions 1.5.5 and earlier contain a SQL injection vulnerability accessible to authenticated users. An attacker with low-level account access can craft malicious input to execute arbitrary SQL queries against the database. The vulnerability affects confidentiality (data disclosure) and availability (database disruption). Update to a version newer than 1.5.5.
What an attacker can do
03Attacker Capabilities
Read or modify database contents, or disrupt database availability.
Potential impact on your site
04Site Impact
Database contents may be exposed or corrupted; site may become unavailable if database is disrupted.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
July 13, 2026
CVE published
July 13, 2026
Record updated